cross-posted to: https://sh.itjust.works/post/14114626

If the rule is about forwarding traffic from the lan interface to the wan interface, then why is there also a forward rule? How would inputs, and outputs make any sense if the rule is talking about forwarding? What does it mean for wan to forward to REJECT? I interperet that as saying that wan doesn’t go anywhere, but that wouldn’t make sense given that the router can send, and receive over the internet.

For example I would interperet the first rule as follows:

  • lan => wan: the conditions for which connections from the lan interface are forwarded to to the wan interface.
  • Input: accept: the lan interface accepts all connections originating from the network (I wouldn’t understand the point of setting this to be reject).
  • Output: accept: all connections exiting the wan interface are accepted (again, I’m not sure what the point of this would be).
  • Forward: accept: forwarding of packets from lan to wan is allowed.
  • Masquerade: I honestly don’t know what the effect of enabling this would be. What would it mean to masquerade the lan interface?

I tried finding documentation, and I did come across this, and this, but, from what I could understand, they didn’t really answer any of my questions.

  • Kalcifer@sh.itjust.worksOP
    1·
    2 years ago

    For the most part, it has been answered (you can scroll through the comments to see if you want to add any other information to a reply of mine, or someone else), but I would still certainly appreciate other attempts at explanations.